CVE-2024-26155 MEDIUM

CVE-2024-26155: ETIC Telecom Remote Access Server (RAS) Cleartext Transmission of Sensitive Information

Vendor Etic Telecom
Product Remote Access Server (RAS)
Weakness CWE-319 · Cleartext transmission
Published January 17, 2025
Last update January 21, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose cleartext credentials in the web portal. An attacker who can access the ETIC RAS web portal can view the HTML code, which is configured to be hidden, and use the exposed credentials to connect to the ETIC RAS SSH server, which could enable the attacker to perform actions on the device.

Key dates

02 Disclosure timeline

January 17, 2025 CVE published
January 21, 2025 Record updated